With more records compromised than there are US citizens, 2014 was inevitably the worst year for data breaches on record. Although the full cost to the national economy of the vast data losses has yet to be calculated, we can safely say it’s going to be BIG.

There is, however, one glimmer of good news for US companies: according to IBM and Ponemon Institute’s 2014 Cost of Data Breach Study: United States report – its ninth annual study on the cost of data breaches to US companies – certain organizational factors reduce the cost of a data breach.

The study found that, while the average cost per lost or stolen record increased from $188 to $201 in 2014, organizations with a strong security posture or a formal incident response plan in place before a data breach incident saw the average cost reduce by as much as $21 and $17 per record, respectively.

The report also found that:

The overall cost of data breaches increased. Bucking the previously downward trend, the total average cost paid by breached organizations rose from $5.4 to $5.9 million – largely as a result of reputational damage and increased customer turnover.

Criminal attacks were the main causes of data breaches, and resulted in the highest per capita breach cost. 44% of surveyed organizations suffered data losses resulting from malicious activity, at an average cost of $246 per compromised record.

Having a business continuity management plan reduced the cost of a data breach by $13 per record, and appointing a CISO to lead the data breach incident response team reduced the per capita cost by $10.

In short, organizations that are ready to respond appropriately to data breach incidents are in a much better financial position than those that are not.

ISO 27001

ISO 27001, the international information security management standard, allows organizations of all sizes, sectors, and locations to implement an information security management system (ISMS) that enables them to institute global information security best practices that address people, processes, and technology so that they can prepare for the worst.

By implementing an ISO 27001-compliant ISMS, organizations will benefit from having a systematic approach to managing confidential or sensitive corporate information so that it remains secure.

ISO 27001 implementation solutions

IT Governance has led hundreds of ISO 27001 certifications around the world and has now developed a series of fixed-price ISO 27001 implementation solutions to allow organizations of all sizes, sectors, and locations to use IT Governance’s expertise to implement the Standard at a speed and for a budget appropriate to their individual needs.